Title: Claude Code displays PII from tool outputs without masking
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When working with databases (Supabase) or APIs (Slack), Claude Code
displays raw query results containing personal information (names,
emails, message contents) directly in the conversation.
Despite explicit instructions in CLAUDE.md and memory files to never
display PII, and despite repeated corrections within the same session,
Claude continued to leak personal data from:
- Bash tool outputs (Supabase queries, Slack API responses)
- Dashboard command results
- Debug/diagnostic commands
This is a significant trust and compliance concern for users handling
sensitive data (e.g., child welfare, healthcare, education).
Suggested improvements:
- Auto-detect and mask PII patterns in tool output before displaying
- Respect PII-related instructions in CLAUDE.md with higher priority
- Add a setting to redact tool outputs by default
Environment: Claude Code CLI, Windows 11, claude-opus-4-6
I offered Claude to mask the raw individual information but Claude fail very often and I found it's critical.
Proposed Solution
Make harness to the critical individual information
Alternative Solutions
_No response_
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗